ExamGecko
Search Search Login
Home Home / Splunk / SPLK-1002
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which tool uses data models to generate reports and dashboard panels without using SPL?
Which syntax is used to represent an argument in a macro definition?
Which are valid ways to create an event type? (select all that apply)
What are the two parts of a root event dataset?
A Splunk app is configured to extract domain names in web service logs and specify them as a field named domain. What workflow action would return an external IP lookup for the field named domain?
If there are fields in the data with values that are ' ' or empty but not null, which of the following would add a value?
The fields sidebar does not show________. (Select all that apply.)
Which delimiters can the Field Extractor (FX) detect? (select all that apply)
What is required for a macro to accept three arguments?
When using timechart, how many fields can be listed after a by clause?

Question 212 - SPLK-1002 discussion

Report
Export

Which of the following searches would create a graph similar to the one below?

A.
index_internal seourcetype=Savesplunker | fields sourcetype, status | transaction status maxspan-id | start count states
Answers
A.
index_internal seourcetype=Savesplunker | fields sourcetype, status | transaction status maxspan-id | start count states
B.
index_internal seourcetype=Savesplunker | fields sourcetype, status | transaction status maxspan-id | chart count states by -time
Answers
B.
index_internal seourcetype=Savesplunker | fields sourcetype, status | transaction status maxspan-id | chart count states by -time
C.
index_internal seourcetype=Savesplunker | fields sourcetype, status | transaction status maxspan-id | timechart count by status
Answers
C.
index_internal seourcetype=Savesplunker | fields sourcetype, status | transaction status maxspan-id | timechart count by status
D.
None of these searches would generate a similart graph.
Answers
D.
None of these searches would generate a similart graph.
Suggested answer: C

Explanation:

The following search would create a graph similar to the one below:

index_internal sourcetype=Savesplunker | fields sourcetype, status | transaction status maxspan=1d | timechart count by status

The search does the following:

It uses index_internal to specify the internal index that contains Splunk logs and metrics.

It uses sourcetype=Savesplunker to filter events by the sourcetype that indicates the Splunk Enterprise Security app.

It uses fields sourcetype, status to keep only the sourcetype and status fields in the events.

It uses transaction status maxspan=1d to group events into transactions based on the status field with a maximum time span of one day between the first and last events in a transaction.

It uses timechart count by status to create a time-based chart that shows the count of transactions for each status value over time.

The graph shows the following:

It is a line graph with two lines, one yellow and one blue.

The x-axis is labeled with dates from Wed, Apr 4, 2018 to Tue, Apr 10, 2018.

The y-axis is labeled with numbers from 0 to 15.

The yellow line represents ''shipped'' and the blue line represents ''success''.

The yellow line has a steady increase from 0 to 15, while the blue line has a sharp increase from 0 to 5, then a decrease to 0, and then a sharp increase to 10.

The graph is titled ''Type''.

Therefore, option C is the correct answer.

Show Answer
asked 23/09/2024
Sebastian van de Zweerde
43 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms